Documente Academic
Documente Profesional
Documente Cultură
1 Introduction
Service Oriented Architecture (SOA) governance has become a topic of high interest
for both academics and practitioners. While the academic literature is focusing on the
technical aspects associated of SOA [1, 2] and the major software vendors are putting
huge efforts to promote the growth of SOA adoption [1], there has been a lack of
empirical evidence about SOA governance and SOA governance models. CIOs are
recognizing the need to align business and IT in meaningful and measurable ways
[3, 4]. However, no common understanding of SOA governance exists [5]. This
research focuses on drawing the main aspects of SOA governance from previous work
and examines the role of these aspects in building effective SOA governance.
Section 2 of this paper provides a literature review on the major aspects of SOA
governance. Section 3 discusses the research approach, methodology and design used
to achieve the aims of this study while Sects. 4 and 5 address the preliminary results
and future work respectively.
J.G. Davis et al. (Eds.): ASSRI 2013, LNBIP 177, pp. 1528, 2014.
DOI: 10.1007/978-3-319-07950-9_2, Springer International Publishing Switzerland 2014
16 G. Joukhadar and F. Rabhi
2 Literature Review
2.1 SOA Governance Standards
The difference between SOA and IT architectures is its emphasis on Information
Systems (IS) agility which enhances business agility [6]. Unlike other architectures,
the SOA paradigm creates an IT view from a business process perspective. It allows
these business processes to be constructed, analyzed, and modified much more
easily [7].
Researchers agree that organizations planning to broadly adopt SOA should start
with governance [813]. Organizations need to decide how to implement governance
over the SOA implementation in the organization. Technology adoption alone is not
enough to enable business or IT transformation [4] - for the fact that decisions made in
the information system affect and are affected by the impact that IT has on business
processes [14]. When organizations choose to treat integration as just another tech-
nology implementation, experiences show zero to minimal reuse, minimal improve-
ment in business responsiveness or flexibility, and higher IT costs over time [4].
Therefore, we see that SOA governance is extending out of IT and merging with
business considerations [15]. This comprehensive SOA governance will provide
additional strength to the overall information management policies, and aid in
maintaining the authenticity and integrity of the corporate information assets [16].
In order to address the existing challenges and successful SOA adoption, orga-
nizations need exact definition of processes and relationships, control mechanisms,
SOA metrics and enforcement of policies that are defined in an SOA governance
framework. The role of an SOA governance framework is defining the set of pro-
cesses, organization structures, policies, solutions and technologies that can help to
manage complex SOA deployment in an effective and efficient manner [17].
defined as control framework, more tightly aligned with the business objectives of the
organization than with operational issues [12, 19].
Val IT takes IT governance onto a higher level of abstraction by providing general
directions on how to manage IT from a business point of view. The high level of
abstraction is however also a limitation, as Val IT purely focuses on the interface
between IT and the business and lacks the support to represent e.g. the processes of an
IT organization [20]. Val IT takes on where COBIT ends, and the two frameworks
complement each other well [21].
While COBIT processes manage all IT related activities and Val IT best describes
how to progress and maximize the return on investment, the role of Risk IT is enhance
risk management. Risk IT was published in 2009 by ISACA [22]. It is the result of a
work group composed by industry experts and some academics of different nations,
coming from organizations such as IBM, PricewaterhouseCoopers, Risk Management
Insight, Swiss Life, and KPMG. Risk IT is a framework based on a set of guiding
principles for effective management of IT risk [22].
The COBIT 5 framework is the successor to the COBIT 4.1, with the Risk IT and
Val IT frameworks integrated as well. Where principles, policies, frameworks, cul-
ture, ethics and behaviour were mentioned in a few COBIT 4.1 processes, COBIT 5 is
based on a revised process reference model with a new governance domain and
several new and modified processes that now cover enterprise activities end-to-end,
i.e., business and IT function areas. COBIT 5 consolidates COBIT 4.1, Val IT and
Risk IT into one framework, and has been updated to align with current best practices,
e.g. ITIL [23].
Weill and Ross [24] have identified six interacting components for the effective
design of IT Governance in their framework. Their main focus lies in the use of IT
metrics and accountabilities to influence behaviour. The goal is to create target-
oriented incentives in order to evoke specific desirable behaviour. However, their
model does not cover SOA lifecycle [12].
SOA Governance Frameworks Proposed in the Research Literature
Numerous models for SOA Governance have been proposed so far. Most of them are
motivated by software providers that offer SOA business solutions and closely align
their SOA governance perspectives with their products [12]. They differ extensively in
scope and capability and many remain abstract. They emphasize on different aspects,
e.g., service lifecycle management or organizational change.
Bieberstein et al. [25] propose an SOA Governance Model in which they identify
six governance processes and three steps for launching the SOA governance model.
They found that SOA strategy and SOA objectives should be defined in such a way
that both the business and IT units have a clear understanding of such objectives.
Accordingly, policies defined by governance positions should form the basis for any
decision. Their model is made complete by a set of best practices.
Derler and Weinreich [26] propose a framework that deals mainly with services.
They looked at the governance issues from a technical side. They provided two main
tools: the Service Repository Console and the Service Browser. They stated that their
model is to support service reuse and service lifecycle activities.
18 G. Joukhadar and F. Rabhi
Kuang-Yu et al. [27] developed their own framework because they could not find
any suitable on the market that could meet their special requirements for Chunghwa
Telecom (CHT). The main functions of their system which they called Service Ori-
ented Bus (SOBUS) are: (1) Managing the applications and registrations of the ser-
vices on Enterprise Service Bus (ESB). (2) Managing and monitoring the web services
and messages services. (3) Analysis of services performance.
Varadan et al. [4] enlightened in their framework on the added benefits of an SOA
documented vision and how it can drive the scope towards an SOA governance. They
cited four governance processes that must be included in the framework: compliance,
vitality, exceptions and appeals and communication. They argued that the use of
Enterprise Service Bus is essential for SOA adoption and how using it with a registry
can increase business benefits.
Neimann et al. [12, 28] propose an SOA governance framework that consists of
two parts: the SOA Governance Control Cycle and the SOA Governance Operational
model. According to them, the first represents the overall steering process that controls
the operation of the SOA system and it consists of four phases: planning, design,
realization and operation. The operational model describes the activities and com-
petencies. They argued that the two parts interact with each other.
de Leusse et al. [29] propose an SOA governance framework based on require-
ments that underline the need for policy and process management, policy adminis-
tration, resource life-cycle management, resource adaptation, resource visibility and
resource contextualization. They made a distinction between the operational, data and
management models. In the operational model, they listed: business capability,
infrastructure capability, access control, identity management, message interceptor,
metadata repository, policy management, profile management and service registry. In
the Object model, they listed the policies and processes. In the management model,
they listed profile management, capability management and governance layer base.
Hojaji and Shirazi [17, 30, 31], developed an SOA governance framework based
on COBIT 4.1. Their framework consists of a set of service lifecycle processes
governed by governance processes. They stated that their framework contributes to
SOA governance needs by: promoting the alignment of business and IT, organizing
service lifecycle and governance processes, defining the management control objec-
tives, providing SOA reference architecture and infrastructure, and providing metrics
and maturity models to measure achievement of defined goals.
Vendor-Based SOA Governance Frameworks
The SOA governance approach proposed by Oracle consists of nine key areas of
interest, that are combined with a structured set of best practices. It is completed by
an SOA adaptation model which defines a cycle of six steps that supports continuous
improvement of the SOA [32].
Software AG [8] identifies maturity and governance levels. Their maturity model
is consisted of six levels and they also defined an SOA service lifecycle which
incorporates services, artifacts and roles. They provided a five-step SOA adaptation
plan and a set of best practices [28].
Before being acquired by Software AG in 2007, the SOA governance approach at
WebMethods consists of two parts: Architecture Governance and Service Lifecycle
Effective Governance During SOA Lifecycle 19
Governance. The latter is divided into design-time, run-time and change-time Gov-
ernance. Architecture Governance deals with issues such as corporate technology
standards, the definition of an SOA topology and the determination of an SOA plat-
form strategy. Service Lifecycle Governance focuses on the regulation of design, etc.
of services through its respective policies and enforcement mechanisms [28, 33].
Authors at IBM - have defined SOA Governance as an extension of IT Governance
that focuses on the service lifecycle and composite applications [28]. The IBM SOA
Governance model comprises a service lifecycle and an SOA governance lifecycle,
both consist of four phases [3436]. They also advocated a best practice approach for
performing SOA governance called SOA Governance and Management Method
(SGMM). SGMM focuses on the three main aspects: people (including governance
organizational structures and the concept of a Center of Excellence), process (the
governance processes used to govern the SOA) and technology. The SGMM reference
model defines concepts in terms of principles, organizations roles and responsibilities,
infrastructure and tools, and governing and governed processes.
In conclusion there are many IT and SOA governance frameworks, either pro-
posed or vendor-based. The next section will show which aspects are recognized by
each of frameworks reviewed above.
Table 1 classifies the SOA governance aspects and shows how these aspects are
addressed by the IT and SOA governance frameworks discussed previously.
In conclusion, there is no empirical evidence on the implications of the gover-
nance frameworks used for SOA and how these frameworks are actually working in
the most effective way. There is so much that is not known and not researched and
there are many claims made in the literature that are not substantiated by empirical
evidence. As a result there is confusion about the usage of SOA governance, and
hence the aspects of SOA governance have not been successfully addressed.
Effective Governance During SOA Lifecycle 21
one that attempted and failed to implement SOA governance. The selection of two
cases will enable the identification and analysis of SOA governance aspects present in
both, and those present in one of them. By contrasting SOA governance effectiveness in
the two cases and the ways individual aspects are implemented will provide grounding
for the development of substantive theoretical claims regarding the importance and role
of SOA governance aspects. The aim is not to generalize empirically but to generalize
conceptually and provide an account of SOA governance aspects. This phase will allow
having direct, in-depth contact with organizational participants, particularly through
interviews and direct observations of activities. Data collection in this phase relies on
observing, listening to members, taking notes, getting involved sometimes, and running
field interviews.
4 Preliminary Findings
4.1 Participants
This study is still at infancy stage. Three face-to-face interviews were conducted as
part of Phase I. The interviewees are selected and recruited through professional
networks of SOA/IT governance experts. Contacts were made in advance by email
and one page summary of the research was sent upon request. Each interview was
given one-hour. The interview questions were not given in advance. The participants
had a decision-making role in their organizations and their experience with SOA
governance varies from 7 to 25 years. They have worked with a minimum of two
Effective Governance During SOA Lifecycle 25
4.2 Results
A broad set of questions were asked regarding the participants background, their
experience with IT and SOA governance, the mechanisms used to select a governance
framework, the benefits realized from selecting that framework, the aspects consid-
ered in the framework, how the aspects were observed, and the lessons learned.
The interviews demonstrate the need to assess and validate the governance
aspects. During the interviews, the participants were asked to assess each of the
aspects listed in the literature review and to evaluate its importance: Not Very
Important, Important and Very Important (Table 3). The interview transcripts were
analyzed using Thematic Analysis as mentioned in Sect. 3.3. First, interesting ideas,
topics, and concepts were coded, and then organizing and grouping the coded con-
cepts into themes and broader categories and identifying links among them. Finally,
the themes were reviewed to identify similar patterns across the data from the three
organizations interviewed. All participants have used different SOA governance
frameworks at the organizations they have worked. None of them have used an IT
governance framework for an SOA project. The participants view to SOA was based
on their own experience. They all agreed that SOA needs a governance framework,
but more importantly was their view to the aspects to consider in the governance
framework. They selected their governance frameworks based on their organizations
needs. They either modified the framework selected to match with their organizational
requirements or built their own one.
As a preliminary analysis based on the three interviews, the most important
aspects were: organizational changes, Enterprise Service Bus, process monitoring and
evaluation, and service security. This is not to ignore the service performance analysis
and infrastructure capability. All three participants discussed in details the Enterprise
Service Bus as being critical to their organizations SOA governance framework. One
of the participants pointed to a new potential aspect - the interaction with web services
- and suggested that it could be as a new aspect rather than being included under
Enterprise Service Bus. The three interviewees conducted were used to adjust the
interview questions of Phase I in order to capture additional empirical data and try to
achieve the aims of this research.
26 G. Joukhadar and F. Rabhi
Interview 1
Interview 2
Interview 3
Interview 1
Interview 2
Interview 3
Business Aspects Technical Aspects
SOA Vision * * ** Enterprise Service Bus *** *** ***
SOA roadmap * * * Srv. performance analysis ** ** ***
Centre of Excellence ** ** * Policy management * * *
SOA Maturity * * * Best Practices deployment * * ***
Service lifecycle mngt * ** ** SOA Gov. Technology ** * *
SOA Business cap. * * * Infrastructure capability ** ** *
Governance processes ** * ** Process monitoring & eval. *** *** ***
Organizational changes ** *** *** Service transparency control * * **
Service Portfolio mngt * * * Service security ** *** ***
Open srv. market-place * ** ***
Since the study is still under development and more interviews are to be conducted
soon, it is probably too early to comment further on the results. From what has been
done so far, we conclude that the literature covers enough about SOA governance and
SOA governance frameworks theoretically but there is a gap about the usage of these
frameworks by organizations and how the selection and implementation of a frame-
work affects SOA adoption. This research is seeking to complete Phase I by con-
ducting a total of twenty interviews. When Phase I is completed, two organizations
will be selected for Phase II: one organization that has been highly successful with
SOA governance and another one that attempted and failed to implement SOA gov-
ernance. Comparing and contrasting the results of the two phases will provide
grounding for the development of substantive theoretical claims regarding the
importance and role of SOA governance aspects.
References
1. Luthria, H., Rabhi, F.: Service-oriented computing in practice an agenda for research into
the factors influencing the organizational adoption of service oriented architectures.
J. Theor. Appl. Electron. Commer. Res. 4(1), 3956 (2009)
2. Beimborn, D., et al.: The role of IT/business alignment for achieving SOA business value -
proposing a research model. In: Americas Conference on Information Systems (AMCIS).
AIS Electronic Library (AISeL) (2009)
3. Mller, I., Han, J., Schneider, J.-G., Versteeg, S.: A conceptual framework for unified and
comprehensive SOA management. In: Feuerlicht, G., Lamersdorf, W. (eds.) ICSOC 2008.
LNCS, vol. 5472, pp. 2840. Springer, Heidelberg (2009)
Effective Governance During SOA Lifecycle 27
4. Varadan, R., et al.: Increasing business flexibility and SOA adoption through effective SOA
governance. IBM Syst. J. 47(3), 473488 (2008)
5. Bernhardt, J., Seese, D.: A conceptual framework for the governance of service-oriented
architectures. In: Feuerlicht, G., Lamersdorf, W. (eds.) ICSOC 2008. LNCS, vol. 5472,
pp. 327338. Springer, Heidelberg (2009)
6. Choi, J., Nazareth, D.L., Jain, H.K.: Implementing service-oriented architecture in
organizations. J. Manage. Inf. Syst. 26(4), 253286 (2010)
7. Rabhi, F.A., et al.: A service-oriented architecture for financial business processes. Inf.
Syst. eBus. Manage. 5(2), 185200 (2007)
8. SoftwareAG.: Best practices for SOA governance user survey. www.softwareag.com/
Corporate/res/SOAGovernanceSurvey.asp (2008). Accessed 7 March 2011
9. Smith, F.O.: As SOA adoption solidifies, good governance is recognized as critical next
step. Manuf. Bus. Technol. 26(6), 4849 (2008)
10. Parachuri, D., Badveeti, N., Mallick, S.: Light weight SOA governance a case study. In:
IEEE Congress on Services - Part I (2008)
11. Lundquist, E.: The five next steps in service-oriented architectures. eWeek 26(19), 22
(2009)
12. Niemann, M., et al.: Challenges of governance approaches for service-oriented
architectures. In: 3rd IEEE International Conference on Digital Ecosystems and
Technologies 2009, DEST 09 (2009)
13. Hassanzadeh, A., Namdarian, L., Elahi, Sb: Developing a framework for evaluating service
oriented architecture governance (SOAG). Knowl.-Based Syst. 24(5), 716730 (2011)
14. High, J.R., Krishnan, G., Sanchez, M.: Creating and maintaining coherency in loosely
coupled systems. IBM Syst. J. 47(3), 357376 (2008)
15. Laurent, W.: A better era of SOA governance. DM Rev. 18(10), 29 (2008)
16. Larrivee, B.: SOA: no governance needed. Or is it? AIIM E-DOC 21(5), 2425 (2007)
17. Hojaji, F., Shirazi, M.R.A.: A comprehensive SOA governance framework based on
COBIT. In: 2010 6th World Congress on Services (SERVICES-1) (2010)
18. Jordan, E., Musson, D.: Corporate governance and IT governance: exploring the boards,
perspective (2004)
19. ITGI.: Control Objectives for Information and Relates Technology (CoBIT) 4.1. IT
Governance Institute (ITGI) (2007)
20. ITGI.: The Val IT Framework. IT Governance Institute (ITGI), Rolling Meadows, IL
(2007)
21. Simonsson, M., Johnson, P., Ekstedt, M.: The effect of IT governance maturity on IT
governance performance. Inf. Syst. Manage. 27(1), 1024 (2010)
22. The risk IT framework. ISACA 2009. www.isaca.org, 10 May 2011
23. COBIT 5 - A Business Framework For The Governance And Management of Enterprise IT.
ISACA 2012, 26 Apr 2012
24. Weill, P., Ross, J.W.: How Top Performers Manage IT Decision Rights for Superior
Results. Harvard Business School Press, Cambridge (2004)
25. Bieberstein, N., et al.: Service-Oriented Architecture (SOA) Compass: Business Value,
Planning, and Enterprise Roadmap. IBM developerWorks Series, 1st edn., 272 pp. IBM
Press, Indianapolis (2006)
26. Derler, P., Weinreich, R.: Models and tools for SOA governance. In: Draheim, D., Weber,
G. (eds.) TEAA 2006. LNCS, vol. 4473, pp. 112126. Springer, Heidelberg (2007)
27. Kuang-Yu, P., Shao-Chen, L., Ming-Tsung, C.: A study of design and implementation on
SOA governance: a service oriented monitoring and alarming perspective. In: IEEE
International Symposium on Service-Oriented System Engineering 2008, SOSE 08 (2008)
28 G. Joukhadar and F. Rabhi
28. Niemann, M., et al.: Towards a generic governance model for service-oriented
architectures. In: Americas Conference on Information Systems (AMCIS). AIS
Electronic Library, Toronto (2008)
29. de Leusse, P., Dimitrakos, T., Brossard, D.: A governance model for SOA. In: IEEE
International Conference on Web Services 2009. ICWS 2009 (2009)
30. Hojaji, F., Shirazi, M.R.A.: AUT SOA governance: a new SOA governance framework
based on COBIT. In: 2010 3rd IEEE International Conference on Computer Science and
Information Technology (ICCSIT) (2010)
31. Hojaji, F., Shirazi, M.R.A.: Developing a more comprehensive and expressive SOA
governance framework. In: 2010 the 2nd IEEE International Conference on Information
Management and Engineering (ICIME) (2010)
32. Afshar, M.: SOA governance: framework and best practices (2007). http://www.oracle.
com/us/technologies/soa/oracle-soa-governance-best-practice-066427.pdf, 25 Apr 2011
33. WebMethods. SOA governance - enabling sustainable success with SOA (2006). http://
www1.webmethods.com/PDF/whitepapers/SOA_Governance.pdf, Oct 2006March 2008
34. Woolf, B.: Introduction to SOA governance. developerWorks (2006). https://www.ibm.
com/developerworks/library/ar-servgov/, 25 July 2010
35. Brown, W., Moore, G., Tegan, W.: SOA governance IBMs approach (2006). ftp://ftp.
software.ibm.com/software/soa/pdf/SOA_Gov_Process_Overview.pdf. Aug 2006July
2008
36. Holley, K., Palistrant, J., Graham, S.: Effective SOA governance. On demand business
(2006). http://www-304.ibm.com/jct03001c/industries/global/files/educ_soa_gov_process_
overview.pdf
37. Zhang, Y., Xiang, G., Liu, W.: On airlines sustainable innovation driven by SOA
governance. In: 2009 International Conference on Information Management, Innovation
Management and Industrial Engineering (2009)
38. Poi, S., et al.: Enabling SOA through organizational change and governance - White paper,
Nov 2007
39. Falkl, J., et al.: IBM advantage for SOA governance standards. http://download.boulder.
ibm.com/ibmdl/pub/software/dw/webservices/ws-soagovernanceadv/
ws-soagovernanceadv-pdf.pdf, Aug 2009
40. Keen, M., et al.: Implementing Technology to Support SOA Governance and Management.
IBM Redbooks, Indianapolis (2007)
41. Bieberstein, N., et al.: Impact of service-oriented architecture on enterprise systems,
organizational structures, and individuals. IBM Syst. J. 44(4), 691708 (2005)
42. Josuttis, N.M.: SOA in Practice. OReilly, Sebastopol (2007)
43. Goldkuhl, G.: Pragmatism vs interpretivism in qualitative information systems research.
Eur. J. Inf. Syst. 21(2), 135146 (2012)
44. Ezzy, D.: Qualitative Analysis: Practice and Innovation. Allen & Unwin, Crows Nest
(2002)
http://www.springer.com/978-3-319-07949-3